Web Wiz Forum 6.347.07.5 - Unauthorized Private Forum Access

2003-11-03T00:00:00
ID EXPLOITPACK:EF5D48DCE3B7A421D1C79C524DF3CECA
Type exploitpack
Reporter Alexander Antipov
Modified 2003-11-03T00:00:00

Description

Web Wiz Forum 6.347.07.5 - Unauthorized Private Forum Access

                                        
                                            source: https://www.securityfocus.com/bid/8957/info

A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote' mode. When this mode is used, Web Wiz Forum will allegedly fail to carry out sufficient checks between the requested forum and message. As a result, an attacker could potentially read or write to a private forum.

http://www.example.com/post_message_form.asp?mode=quote&PID=1111&FID=1&TID=11&TPN=1